[PATCH][RFA/RFC] Stack clash mitigation patch 02/08 - V3

Jeff Law law@redhat.com
Mon Sep 18 15:53:00 GMT 2017


On 09/18/2017 03:29 AM, Andreas Schwab wrote:
> On Jul 30 2017, Jeff Law <law@redhat.com> wrote:
> 
>> This patch introduces generic mechanisms to protect the dynamically
>> allocated stack space against stack-clash attacks.
>>
>> Changes since V2:
>>
>> Dynamic allocations can be emitted as unrolled inlined probes or with a
>> rotated loop.  Blockage insns are also properly emitted for the dynamic
>> area probes and the dynamic area probing now supports targets that may
>> make optimistic assumptions in their prologues.  Finally it uses the new
>> param to control the probing interval.
>>
>> Tests were updated to explicitly specify the guard and probing interval.
>>  New test to check inline/unrolled probes as well as rotated loop.
> 
> Does that work correctly when the VLA is smaller than the probe size
> (word_mode by default)?  I see a failure in glibc on armv7 where
> ldconfig is using a zero-size VLA, which is invalid in C, but it could
> also end up using a VLA of size 1.
For a dynamic allocation of size 0, we should be probing into the red
zone.  Alternately we could emit the branch around the probing bits.
I'd need to think about how that interacts with quirks of the aarch64
outgoing argument probing conventions though.

Can you confirm if the probe was in the red zone vs the live areas on
the stack?  The latter would be a serious issue obviously and I'd like
to track it down.  A testcase would be helpful.

Jeff
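A small C model, added here and not part of the patch or of GCC, of the interval probing the patch description above refers to and of the under-sized allocation case raised in the reply: it plans the probe offsets for a dynamic allocation and checks the stack-clash invariant against them. The interval and guard values are constructed, the probe placement is a simplification of what a prologue emits, and the `naive` planner is a hypothetical illustration of how an allocation smaller than the probe interval can be probed past its end.

```c
#include <stdbool.h>
#include <stddef.h>
/* Model only, not GCC's code: which byte offsets below the old stack
   pointer the prologue touches for a dynamic (alloca/VLA) allocation of
   `size` bytes.  The stack grows downward; offset 0 is the old SP. */
#define MAX_PROBES 64
struct probe_plan { size_t count; size_t offset[MAX_PROBES]; };

static bool push(struct probe_plan *p, size_t off)
{
    if (p->count == MAX_PROBES) return false;
    p->offset[p->count++] = off;
    return true;
}

/* Rotated-loop style: one probe per `interval` inside the new area, plus a
   final probe at the bottom when size is not a multiple of the interval.
   A zero-size allocation yields no probes. */
static bool plan_probes(size_t size, size_t interval, struct probe_plan *p)
{
    p->count = 0;
    for (size_t off = interval; off <= size; off += interval)
        if (!push(p, off)) return false;
    return size % interval == 0 || push(p, size);
}

/* Hypothetical buggy variant: always emits at least one whole-interval
   probe, so for size < interval it touches memory below the allocation. */
static bool plan_probes_naive(size_t size, size_t interval, struct probe_plan *p)
{
    size_t n = (size + interval - 1) / interval;
    p->count = 0;
    for (size_t i = 1; i <= (n ? n : 1); i++)
        if (!push(p, i * interval)) return false;
    return true;
}

/* Invariant: every probe stays inside the new area (old SP is assumed live
   and already touched), and no untouched stretch between old SP and new SP
   exceeds the guard.  `naive` selects the buggy planner for comparison. */
static bool dynamic_probing_is_safe(size_t size, size_t interval, size_t guard, bool naive)
{
    struct probe_plan p;
    size_t last = 0;
    if (!(naive ? plan_probes_naive : plan_probes)(size, interval, &p)) return false;
    for (size_t i = 0; i < p.count; i++) {
        if (p.offset[i] > size || p.offset[i] - last > guard) return false;
        last = p.offset[i];
    }
    return size - last <= guard;
}
```

The last check also fails when the probe interval is larger than the guard, which is why the two are specified together in the tests the patch updates.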